authorRoy Marples <roy@marples.name>2020-09-06 11:57:19 +0100
committerRoy Marples <roy@marples.name>2020-09-06 11:57:19 +0100
commit1fbb7b5b9879fe2b03c1a9e7b028eaf4c0ce9d6c (patch)
tree2c5f9734f87a4f764c097e393e39ae3de7cbd1af /src/privsep.c
parent8bc2150dce5fa055b44816d4c6b9ca16f7a7df4b (diff)
privsep: limit rights for stdout/stderr/stdin using capsicum
Diffstat (limited to 'src/privsep.c')
-rw-r--r--src/privsep.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/src/privsep.c b/src/privsep.c
index bdef041f..76037d91 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -75,6 +75,8 @@
#ifdef HAVE_CAPSICUM
#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
+#define ps_rights_limit_stdio caph_limit_stdio
#endif
#ifdef HAVE_UTIL_H
#include <util.h>
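Review bot: The alias `ps_rights_limit_stdio` is defined only inside `#ifdef HAVE_CAPSICUM`, while both call sites added later in this commit are guarded by `#ifdef PRIVSEP_RIGHTS`. Where PRIVSEP_RIGHTS is defined is not visible in this diff, so if it can ever be set without HAVE_CAPSICUM the calls would refer to an undeclared name. Defining the alias under the same guard as its callers, or adding an `#else` branch with `#error "PRIVSEP_RIGHTS requires a ps_rights_limit_stdio implementation"`, would make that dependency explicit. A short comment noting that the alias maps to the capsicum_helpers routine for stdin, stdout and stderr would also help, since the neighbouring `ps_rights_limit_*` names look like ordinary functions.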
@@ -340,6 +342,14 @@ ps_dostart(struct dhcpcd_ctx *ctx,
close(ctx->ps_root_fd);
ctx->ps_root_fd = -1;
}
+
+#ifdef PRIVSEP_RIGHTS
+ /* We cannot limit the root process in any way. */
+ if (ps_rights_limit_stdio() == -1) {
+ logerr("ps_rights_limit_stdio");
+ goto errexit;
+ }
+#endif
}
if (priv_fd != &ctx->ps_inet_fd && ctx->ps_inet_fd != -1) {
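Review bot: The comment `/* We cannot limit the root process in any way. */` records an exception to least privilege without giving the reason, and the condition that excludes the root process opens above this hunk, so the added lines alone do not show which helpers are restricted. I would expand it to say what is being limited and why root is exempt, along the lines of `/* Limit stdio rights for every non-root helper; root is exempt because <reason>. */`, with the reason filled in by the author. The `errexit` label is outside the hunk, so the cleanup done on this failure path cannot be checked from here.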
@@ -470,9 +480,9 @@ ps_mastersandbox(struct dhcpcd_ctx *ctx)
}
#ifdef PRIVSEP_RIGHTS
- if ((ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1 ||
- ps_rights_limit_fd(ctx->link_fd) == -1) &&
- errno != ENOSYS)
+ if (ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1 ||
+ ps_rights_limit_fd(ctx->link_fd) == -1 ||
+ ps_rights_limit_stdio() == -1)
{
logerr("%s: cap_rights_limit", __func__);
return -1;
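Review bot: Removing the `errno != ENOSYS` exemption from the condition in ps_mastersandbox makes every rights-limit failure fatal. That is the safer default, but on a kernel without Capsicum support the master process would now refuse to start unless `ps_rights_limit_ioctl` and `ps_rights_limit_fd` absorb ENOSYS themselves; their bodies are not in this diff, so that needs confirming. If they do, a one-line comment above the condition saying so would stop the change from reading as an accidental removal. The message `"%s: cap_rights_limit"` now covers three different calls, so a failure in the stdio limit cannot be told apart from the other two in the log. The function continues past the end of the hunk.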